Internet-based applications (web, email, VPNs, and instant messaging services) have recently been hit by an OpenSSL security vulnerability known as Heartbleed. OpenSSL is an open source cryptographic software library that implements the SSL and TLS security protocols, which are designed to ensure the security and privacy of communication over the Internet. Heartbleed is a serious memory handling bug in the implementation of the TLS/DTLS heartbeat extension (RFC 6520). It has turned out that, because of this buggy heartbeat implementation, the memory of systems using OpenSSL remained exposed to attackers and eavesdroppers during the last two years. That means hackers had direct access to web server memory, including the private key being used for secure communication over the Internet. Access to the private key is potentially linked to a wide range of cyber attacks, for instance man-in-the-middle attacks, eavesdropping, and hijacking of user identity.
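The memory handling check at the heart of this bug, as an added example (not OpenSSL's code): a heartbeat responder that follows the RFC 6520 layout and silently discards any request whose claimed payload length does not fit inside the record actually received. The function name, the sample records and the output buffer are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define HB_REQUEST     1
#define HB_RESPONSE    2
#define HB_HEADER_LEN  3   /* 1-byte type + 2-byte payload_length */
#define HB_MIN_PADDING 16  /* RFC 6520: at least 16 bytes of padding */

/* Constructed sample records (illustrative, not captured traffic). */
static const uint8_t HONEST[23]    = {1, 0x00, 0x04, 'p', 'i', 'n', 'g'}; /* 4-byte payload + 16 padding */
static const uint8_t OVERCLAIM[20] = {1, 0x40, 0x00, 'x'};                /* claims 16384, carries 1 */
uint8_t DEMO_OUT[64];

/*
 * Build a heartbeat response for the received record `rec` of `rec_len` bytes.
 * Returns the response length, or 0 when the request must be discarded silently.
 */
size_t hb_build_response(const uint8_t *rec, size_t rec_len,
                         uint8_t *out, size_t out_cap) {
    /* A record too short to hold header and minimum padding is discarded. */
    if (rec_len < HB_HEADER_LEN + HB_MIN_PADDING) return 0;
    if (rec[0] != HB_REQUEST) return 0;

    /* payload_length is sender-controlled: never trust it on its own. */
    size_t payload_len = ((size_t)rec[1] << 8) | rec[2];

    /* The check whose absence exposes memory: the claimed payload must
     * fit in the bytes that actually arrived, after header and padding. */
    if (payload_len > rec_len - HB_HEADER_LEN - HB_MIN_PADDING) return 0;

    size_t resp_len = HB_HEADER_LEN + payload_len + HB_MIN_PADDING;
    if (resp_len > out_cap) return 0;

    out[0] = HB_RESPONSE;
    out[1] = rec[1];
    out[2] = rec[2];
    memcpy(out + HB_HEADER_LEN, rec + HB_HEADER_LEN, payload_len);
    /* Zero padding keeps the example deterministic; RFC 6520 asks for random padding. */
    memset(out + HB_HEADER_LEN + payload_len, 0, HB_MIN_PADDING);
    return resp_len;
}

int main(void) {
    printf("honest request    -> %zu-byte response\n",
           hb_build_response(HONEST, sizeof HONEST, DEMO_OUT, sizeof DEMO_OUT));
    printf("overclaimed length -> %zu (discarded)\n",
           hb_build_response(OVERCLAIM, sizeof OVERCLAIM, DEMO_OUT, sizeof DEMO_OUT));
    return 0;
}
```

Without the length comparison, the copy would read past the end of the received record and echo whatever the server held in adjacent memory, which is how private keys and other secrets became exposed.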
According to an estimate, 17% or half a million web servers have been directly or indirectly vulnerable to the Heartbleed bug. People are even calling it the biggest security threat ever in Internet history. The irony is that you cannot know whether you have been exposed to Heartbleed or not. Consequently, to be on the safe side, one must change passwords for those Internet services which might have used OpenSSL over the last two years; it is always a recommended practice to change passwords every 60-90 days. Also, if you have been using the same password for multiple web applications or services, you must change those too, on the assumption that one of the applications might have unknowingly been a Heartbleed victim.